- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Ugh, I remember these things.
Back in the 2000s I was working on a military simulator which used iPaqs as a mobile instructor station, so that instructors could manipulate the scenario as they walked around watching what students were doing. It was a great idea, except...
Apparently HP (or Compaq before them) hadn't heard of non-volatile storage. So if the battery on the thing went flat, all the software, configuration and history was wiped next time you turned it on. Yes, really. If you wanted to use these things for anything serious, you had to notice when the battery was nearly flat and go put them on a charger. Except...
The whole system was classified. So you couldn't just leave the things sat out on a charger, they had to be either in the possession of someone with an appropriate clearance and need to possess them or locked in a cabinet approved by the relevant country's security services. Switching them off had the same effect as the battery going flat, so of course next time you grabbed them out of the cabinet, you'd have to reinstall all the software from scratch.
As an interim workaround during development, on any day where the devices were to be used, someone had to arrive at around 4AM, put the things on a charger and then sit and watch them until they were charged. Once charged, they would install the latest software build on them, then put them back on the charger until other people were ready to use them. This was, shall we say, not a popular task. They were not allowed to leave the room for ANY reason unless they first got someone else suitably qualified to sign for receipt of the devices.
I believe that, in the end, a team of about six people were tasked with the specification, design, procurement and qualification of a powered security cabinet with integrated iPaq chargers that met the relevant classification requirements.
Admin
This is why you don't allow vendors to deviate from the established standard. Because they'll always come up with something much worse, and utterly broken.
Admin
So they still left the hole of all you need to do to log into some else's account is guess at a valid 'unique' id?
Admin
Zero factor authentication, resolves the annoyance of needing to remember passwords or pins!
Admin
I'm fairly sure we're still in that age, just for different reasons.
Admin
At last, my question "How many military personnel does it to take to use an iPaq" has been answered!
Admin
On the plus side, you don't need a sanitization procedure...
Admin
I was thinking - Wait, isn't the room they have these (and the lock up GSA safe) itself a "closed container". Leave them charging and just set-the-alarm/spin-the-dial on the door when you leave the room to use the bathroom.
Admin
Unique...
Admin
Your unique device ID is 4 https://www.xkcd.com/221/
Admin
Not surprising. NV storage that could fit there with useful capacity was quite expensive. (Generally NAND and NOR flashes were in MBs sizes (NOR flash BTW was quite interesting thing, because it supported byte addressing and thus there was option for XIP (Execution in-place) I had one and i was quite nice, pity I took model with GPS but no WiFi...
Admin
"Despite what Apple might have you believe, the iPhone wasn't the first portable computing device."
Shoot, the iPhone wasn't even Apple's first portable computing device. Newton MessagePad, anyone?
Admin
function HpGUID () { return Hash(guidCountSinceReboot); }
Admin
Well it was a Unique ID. Unique to HP, of course. No other company generated that ID.
(Cue both the Dilbert strip about the generation of a "random" number and the equivalent xkcd strip.)
Admin
Back in the 80's my company used computers from a vendor who generated the Ethernet MAC address by concatenating their OUI and the machine's serial number. However, serial numbers were only unique for a specific model of the computer. We ended up with two machines with the same serial number because they were different models, and this caused MAC address conflicts.
Luckily it was possible to override the default MAC address, so I configured one of them with a manual MAC address that didn't conflict.
Admin
Back then, NV storage was expensive. NAND flash wasn't too common (and hard to drive), NOR flash was what you used, but painfully expensive and pitifully small. We put 16MB of NOR flash, which was enough for a basic Linux OS and about 4MB of user space free. If you used Windows CE or PocketPC (Windows Mobile), it was pretty much zero. Intel licensed a filesystem driver that let you use leftover flash as NV storage - it was free licensing if you used Intel's chips in your product. Not hard, since you either used an Intel StrongARM (or PXA) processor (now Marvell), or Intel StrataFlash NOR flash which were the devices with the most capacity on the market.
If you wanted to use NAND flash, you needed a boot NOR flash so your chip could start up and write your own driver. Or you paid extra for something like DiskOnChip which let you boot from NAND. But still, it was relatively rare. Everyone was mindful of flash wear limits, after all.
Anyhow, Windows CE/Mobile used RAM disks as they provided the functionality. The HP devices were supposed to have a backup battery that kept the RAM powered up and persistent.
Admin
"Shoot, the iPhone wasn't even Apple's first portable computing device. Newton MessagePad, anyone?"
Or the Macintosh Portable, for sufficiently expansive definitions of portable.
Admin
Regarding non-volatile storage: That wasn't HP's or Compaq's idea. Windows Mobile 5 was the first edition of the OS to support persistent storage. Actually, some earlier iPaqs had flash memory, but that wasn't really integrated in the OS. You could store files there, but if you installed software to the flash memory the desktop icon (or equivalent) and other configuration stuff still got wiped.
This was pretty common with early PDA's, PalmOS and Symbian also did everything in RAM.
Admin
Hmm, sounds like relying on any ID generated by the phone is a little risky - IMEIs can be cloned etc.
The ideal (haha - when does that ever happen?) way to deal with this is when the user logs in a UUID is generated, cryptographically signed, stored in a database and on the device, then you can verify what account that device belongs to. Presumable logging out would delete the UUID - a new one would be generated on next log in. You could also have multiple UUIDs per account if they could use multiple devices.
Admin
@The Mole: and somehow supply that guessed value into the innards of their proprietary app; it doesn't come from a user input textbox. I suppose a malicious user could somehow shim the OS's GetDeviceIMEI() call to deliver a fake value. Given that the IMEI is the very core of the whole telecom identity, that is (or at least should be) a pretty well-guarded pathway against spoofing.
Nowadays when every client is a fully programmable browser we get used to the idea that any barely-technical user can spoof any credentials. 20 years ago both malware and malware writers weren't quite as skilled as they are today.
Admin
Like the Osbourne "luggable" portable computer? An XT computer, with 2 floppy drives, a 10 MB hard drive, a handle on top, 4 inch green monitor, covered by the keyboard, in one chassis, the size and weight of a suitcase stuffed for a 2-week vacation. It had no battery and had to be plugged into the wall to be used.
Admin
Apple never claimed the iPhone was the first portable computing device. They HAVE made that claim about the Newton Messagepad (1993), and it's certainly true that the entire PDA market was based on the Newton, just like Android was based on the iPhone. But you can argue that they had portables before that.
The Macintosh Portable started production in 1989, had a built-in keyboard, screen, and battery, but was too big to be a laptop. (But still: portable!)
The Macintosh SE started production in 1987, and although it had no built-in keyboard, there were third-party custom-molded carts so you could take your computer with you to and from work.
The Apple IIc in 1988 was explicitly designed to be "portable" in the sense of "you can carry it from location to location and just plug in a monitor". (To be clear: Apple doesn't claim that it was the first portable, and if they did there were other systems with built-in keyboards and no screen, like the Commodore 64, before that.)
Admin
Maybe the locked room was not considered secure enough for the classification level. E.g., if there's a window, someone can break it and grab something.
But most likely, the problem is that the room was used for many purposes, so people who did not have clearance for that particular project had keys to the room. When I worked on F-111D radar, my top secret clearance only gave me access to classified information about the F-111D radar. There were other items in the same safe that I could not read, and an NCO whose job was to open that safe and sign items in and out. And the room also contained bookshelves of unclassified documents, which covered about 80% of my job.
Admin
The original Macintosh was quite portable. I had a shoulder bag to carry it, and it spent many miles travelling with me on the bus.
Admin
Original Macintosh was 1984, a few years before Macintosh SE. According to Wikipedia "The Osborne 1 is the first commercially successful portable microcomputer, released on April 3, 1981 by Osborne Computer Corporation". Which seams to imply it was NOT the first portable microcomputer, that there were earlier ones that just were not commercially successful.
Admin
I would call the Osborne a luggable.
Admin
And this still happens!
Just buy random chinese android devices and you'll notice that many of them changes IMEI and MAC semi-randomly and the android id is the same on all their models!
Admin
Here's IBM's first portable. From 1975, none of this sissie late 1980s stuff. https://en.wikipedia.org/wiki/IBM_5100
I had one for evaluation for awhile.
Admin
Android based on iPhone?
"The early intentions of the company were to develop an advanced operating system for digital cameras, and this was the basis of its pitch to investors in April 2004. The company then decided that the market for cameras was not large enough for its goals, and by five months later it had diverted its efforts and was pitching Android as a handset operating system that would rival Symbian and Microsoft Windows Mobile."
Admin
There's a WTF before the IDs - it's deciding to test a few days before the launch
Admin
Just coincidentally, the decision to change Android from a static camera OS to a phone OS with apps happened at a meeting called by Schmidt, who was on the board of Apple (despite most of the rest of the board repeatedly telling Jobs that he had a massive and ineradicable conflict of interest), immediately after he returned from the Apple board meeting at which Jobs showed off the initial prototype of the iPhone, which had been a secret project the board had not heard about until that time. I'm sure it's a total coincidence, though, right? It's not like Google is some kind of evil, opportunistic entity. [Insert laughter here.]